Snort mailing list archives
Re: [Emerging-Sigs] Reliability of signatures
From: Matt Olney <molney () sourcefire com>
Date: Thu, 10 Feb 2011 10:58:18 -0500
No, Google got hacked because of a spear phish that sent them to a html page that included an exploit vs. IE(6!?). That isn't SPAM, nor is it possible to detect, from a generic perspective, spear phishing emails. The IDS, hopefully, would alert on the return from the web server with the malicious web page. (Although in this case it was a 0-day). Email isn't the attack, email is the deliver system or, in the case of "click this link to get owned" the social engineering side. The attack is against a file format vulnerability. On Thu, Feb 10, 2011 at 10:02 AM, Michael Scheidell < michael.scheidell () secnap com> wrote:
On 2/10/11 9:55 AM, Matt Olney wrote: Also, SPAM isn't an IDS issue, at least from my point of view. I worry about malicious, not asinine. but then again, google got hacked into due to spam their engineers opened ;-) and, in fact, most of the external hacks today happen due to insiders opening spam. if you lock down the whole network, put in ids/ips, application firewalls, do vul scans, application web scans, sem's, everything.. you still have the lusers opening up fed ex recipients that are unknown viruses. spammed to them. malicious? you bet! -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300*| *SECNAP Network Security Corporation- Certified SNORT Integrator - 2008-9 Hot Company Award Winner, World Executive Alliance - Five-Star Partner Program 2009, VARBusiness - Best in Email Security,2010: Network Products Guide - King of Spam Filters, SC Magazine 2008 ------------------------------ This email has been scanned and certified safe by SpammerTrap®. For Information please see http://www.secnap.com/products/spammertrap/ ------------------------------ ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Emerging-Sigs] Reliability of signatures, (continued)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matthew Jonkman (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Jacob Kitchel (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Jacob Kitchel (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Martin Roesch (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Joel Esler (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Crusty Saint (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matthew Jonkman (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures List Subscriptions (Feb 10)